commit:     2cf4f014d8881fd140be957d5de57ddbbd1e3974
Author:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
AuthorDate: Sat Jan  7 13:01:36 2017 +0000
Commit:     Andreas Sturmlechner <asturm <AT> gentoo <DOT> org>
CommitDate: Sat Jan  7 13:01:36 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2cf4f014

kde-apps/ark: Disable shell script execution

Gentoo-bug: 604846

Package-Manager: portage-2.3.0

 kde-apps/ark/ark-16.08.3-r1.ebuild                 | 70 ++++++++++++++++++++++
 kde-apps/ark/ark-16.12.0-r1.ebuild                 | 70 ++++++++++++++++++++++
 .../files/ark-16.12.0-disable-executables.patch    | 25 ++++++++
 3 files changed, 165 insertions(+)

diff --git a/kde-apps/ark/ark-16.08.3-r1.ebuild 
b/kde-apps/ark/ark-16.08.3-r1.ebuild
new file mode 100644
index 00000000..5c128ad
--- /dev/null
+++ b/kde-apps/ark/ark-16.08.3-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="optional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark";
+KEYWORDS="~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kcrash)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep kparts)
+       $(add_frameworks_dep kpty)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kxmlgui)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtwidgets)
+       >=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?]
+"
+DEPEND="${RDEPEND}
+       $(add_qt_dep qtconcurrent)
+       sys-devel/gettext
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT="test"
+
+PATCHES=( "${FILESDIR}/${PN}-16.12.0-disable-executables.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               $(cmake-utils_use_find_package bzip2 BZip2)
+               $(cmake-utils_use_find_package lzma LibLZMA)
+               $(cmake-utils_use_find_package zlib ZLIB)
+       )
+
+       kde5_src_configure
+}
+
+pkg_postinst() {
+       kde5_pkg_postinst
+
+       if ! has_version app-arch/unar ; then
+               elog "For handling rar archives, install app-arch/unar"
+       fi
+
+       if ! has_version app-arch/p7zip ; then
+               elog "For handling 7-Zip archives, install app-arch/p7zip"
+       fi
+}
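Review bot: The `PATCHES=( "${FILESDIR}/${PN}-16.12.0-disable-executables.patch" )` line applies a patch cut against 16.12.0 to the 16.08.3 sources, and nothing in the ebuild records that this was checked. The patch's only hunk is anchored at line 988 of `part/part.cpp`, so it is worth confirming that it applies to 16.08.3 without fuzz and that the `KRun::runUrl` call it changes is the same call in that version. A comment above the assignment would keep the security intent visible to later maintainers, for example `# bug #604846: do not run executables when opening archive entries (patch taken from 16.12.0)`. The same comment fits the `PATCHES` line in ark-16.12.0-r1.ebuild.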

diff --git a/kde-apps/ark/ark-16.12.0-r1.ebuild 
b/kde-apps/ark/ark-16.12.0-r1.ebuild
new file mode 100644
index 00000000..a00cb57
--- /dev/null
+++ b/kde-apps/ark/ark-16.12.0-r1.ebuild
@@ -0,0 +1,70 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+EAPI=6
+
+KDE_HANDBOOK="forceoptional"
+KDE_TEST="optional"
+VIRTUALX_REQUIRED="test"
+inherit kde5
+
+DESCRIPTION="KDE Archiving tool"
+HOMEPAGE="https://www.kde.org/applications/utilities/ark
+https://utils.kde.org/projects/ark";
+KEYWORDS="~amd64 ~x86"
+IUSE="bzip2 lzma zlib"
+
+RDEPEND="
+       $(add_frameworks_dep karchive)
+       $(add_frameworks_dep kcompletion)
+       $(add_frameworks_dep kconfig)
+       $(add_frameworks_dep kconfigwidgets)
+       $(add_frameworks_dep kcoreaddons)
+       $(add_frameworks_dep kcrash)
+       $(add_frameworks_dep kdbusaddons)
+       $(add_frameworks_dep ki18n)
+       $(add_frameworks_dep kiconthemes)
+       $(add_frameworks_dep kio)
+       $(add_frameworks_dep kjobwidgets)
+       $(add_frameworks_dep kparts)
+       $(add_frameworks_dep kpty)
+       $(add_frameworks_dep kservice)
+       $(add_frameworks_dep kwidgetsaddons)
+       $(add_frameworks_dep kxmlgui)
+       $(add_qt_dep qtdbus)
+       $(add_qt_dep qtgui)
+       $(add_qt_dep qtwidgets)
+       >=app-arch/libarchive-3.1.0[bzip2?,lzma?,zlib?]
+"
+DEPEND="${RDEPEND}
+       $(add_qt_dep qtconcurrent)
+       sys-devel/gettext
+"
+
+# bug #560548, last checked with 16.04.1
+RESTRICT+=" test"
+
+PATCHES=( "${FILESDIR}/${P}-disable-executables.patch" )
+
+src_configure() {
+       local mycmakeargs=(
+               $(cmake-utils_use_find_package bzip2 BZip2)
+               $(cmake-utils_use_find_package lzma LibLZMA)
+               $(cmake-utils_use_find_package zlib ZLIB)
+       )
+
+       kde5_src_configure
+}
+
+pkg_postinst() {
+       kde5_pkg_postinst
+
+       if ! has_version app-arch/unar ; then
+               elog "For handling rar archives, install app-arch/unar"
+       fi
+
+       if ! has_version app-arch/p7zip ; then
+               elog "For handling 7-Zip archives, install app-arch/p7zip"
+       fi
+}
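Review bot: `RESTRICT+=" test"` here is written differently from `RESTRICT="test"` in ark-16.08.3-r1.ebuild, although both sit under the same `bug #560548` comment. Under EAPI 6 a plain assignment after `inherit kde5` would discard any RESTRICT value the eclass sets (whether it sets one is not visible on this page), so the appending form is the safer one to use in both files. Because tests are restricted in both revisions, the behaviour change from the security patch is not exercised at build time. A manual check that opening an executable archive entry no longer runs it is the only verification.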

diff --git a/kde-apps/ark/files/ark-16.12.0-disable-executables.patch 
b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch
new file mode 100644
index 00000000..35cd304
--- /dev/null
+++ b/kde-apps/ark/files/ark-16.12.0-disable-executables.patch
@@ -0,0 +1,25 @@
+commit 82fdfd24d46966a117fa625b68784735a40f9065
+Author: Elvis Angelaccio <[email protected]>
+Date:   Fri Jan 6 15:35:46 2017 +0100
+
+    Stop running executables when opening urls
+    
+    This is a security risk because it's not clear when an entry in an
+    archive is an executable.
+    
+    BUG: 374572
+    FIXED-IN: 16.12.1
+
+diff --git a/part/part.cpp b/part/part.cpp
+index f1adf21..80f657b 100644
+--- a/part/part.cpp
++++ b/part/part.cpp
+@@ -988,7 +988,7 @@ void Part::slotOpenExtractedEntry(KJob *job)
+         } else {
+             KRun::runUrl(QUrl::fromUserInput(fullName, QString(), 
QUrl::AssumeLocalFile),
+                          QMimeDatabase().mimeTypeForFile(fullName).name(),
+-                         widget());
++                         widget(), false, false);
+         }
+     } else if (job->error() != KJob::KilledJobError) {
+         KMessageBox::error(widget(), job->errorString());
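Review bot: The two bare `false` arguments added to `KRun::runUrl(...)` carry the whole security fix, but the call site does not say which one matters. As I read the KRun signature, the fourth parameter is `tempFile` and the fifth is `runExecutables`, so a later edit that drops or reorders them would silently restore execution of archive entries. Naming them inline would guard against that: `widget(), /* tempFile */ false, /* runExecutables */ false);`. A one-line comment above the call should say that entries extracted from an archive are untrusted and must never be executed on open. `Part::slotOpenExtractedEntry` starts and ends outside this hunk, so the other branch of the `if`/`else` still needs checking to confirm it cannot launch the extracted file either.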
